Our GraphQL API currently supports two authentication methods that you can use depending on your case and needs JWT Authentication and API Token Authentication.

JWT Authentication

This method requires a valid user and password and returns a JWT that can be used to consume the GraphQL API.

POST https://production.suggestic.com/api/v1/login

Request Body

{
    "email": "test@suggestic.com",
    "name": "Ernesto",
    "phone": "",
    "user_id": "4e9fb96d-3291-aa43-92f1-8226408eb0ac",
    "is_premium": true,
    "birthdate": "1984-03-10",
    "avatar": "https://sg-data.storage.googleapis.com:443/4e9fb96d-3291-4f5e-92f1-8226408eb0ac/avatar",
    "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjasdfadfa311CI6IjIwMTcwMTA5MTYzMSJ9.DIAAit7QDBBvoluIYp6lt-jC3cfEOgZ3sThEu0j_T7A",
    "hashed_email": "790cd2c93f39629asdf2234s761de119b13fc2614f3998cb023cfd",
    "program_id": "46477417-dc4e-425c-b3a9-f2bc9b129102",
    "show_program_view": true,
    "transaction_provider": "",
    "transaction_duration": "",
    "transaction_price": 0,
    "profile_id": "7708db196-27a0-4aa2-999e-1e68203a83udd"
}

{
    "detail": "Incorrect username/password"
}

Once this request is sent, the following information is displayed:

{
    "email": "lizalina@gmail.com",
    "name": "lili",
    "phone": "",
    "user_id": "<user_id>",
    "is_premium": false,
    "birthdate": null,
    "avatar": null,
    "token": "<token>",
    "refresh_token": "<refresh_token>",
    "hashed_email": "59184e9bf7b070d500629ae7410aa1bce18ef6bf98655af15dbadadb58e1f137",
    "program_id": "<program_id>",
    "show_program_view": true,
    "transaction_provider": "",
    "transaction_duration": "",
    "transaction_price": 0,
    "profile_id": "<profile_id>"
}

How to use a Bearer Authentication within graphQL

Once you log in, open your Grapqhl Playground; in the authentication section, add the following header

{
  "Authorization": "Bearer <insert_your_token_here>"
}

For example:

The following query retrieves the information of a meal plan by giving the bearer token

cURL Request with Bearer token

The bearer token is sent to the server with the 'Authorization: Bearer {token}' authorization header.

In the following example, we are getting the shopping list request.

curl -XPOST 'https://production.suggestic.com/graphql' \
  -H 'Authorization: Bearer <insert_your_bearer_token_here>' \
  -H 'Content-Type: application/json' \
  --data-raw '{"query":"{\n  shoppingList { edges {node {ingredientLine quantity aisleName recipeName isDone unit  databaseId  errors   }  }  }}"}'

Refresh Token

For security purposes, the access token expires after 2 hours. Once expired, your client applications may use a refresh token to “refresh” the access token.

You may obtain a refresh token using the login mutation.

mutation {
  login(userId: "<USERID>") {
    refreshToken
  }
}

Using JWT without a user's password

If you are not using Suggestic as your identity provider, you can still obtain a JWT from the API using the login mutation. This should be done from your backend using the standard API token authentication.

mutation {
  login(userId: "<USERID>") {
    accessToken
  }
}

In this case, you can expect your authentication flow to be as follows:

• Authenticate the user on your frontend with your implementation.

• Request a JWT on your backend, on behalf of the user, via a request to the Suggestic API using your API key and the user’s ID.

• Pass the JWT to your frontend.

• The frontend then uses that JWT for all future Suggestic API calls.

API Token Authentication

Use this authentication method to access the API "on behalf" of your users.

To use this method, you require a valid API token and a user id. Add these to a custom HTTP Header, as shown below.

POST https://production.suggestic.com/graphql

Important: if you are using a production API key, make sure you call the production environment on http://production.suggestic.com/graphql

Headers

{
  "data": { ... },
  "errors": [ ... ]
}

Clients/Partners API Token

Partners/clients which have an isolated database will need to authenticate by using a different HTTP header named Suggestic-Partner. Use it as it is explained below:

{
  "Authorization": "Token <TOKEN>",
  "Suggestic-Partner":"<PARTNER-SLUG>"
}

Examples

cURL Example

To query GraphQL using cURL, make a POST request with a JSON payload. The payload must contain a string called query:

curl 'https://staging.suggestic.com/graphql' -XPOST \
-H 'Content-Type: application/json' \
-H 'Authorization: Token 7b9f6fd852faba099be1984c97124b7f8d776f26' \
-H 'sg-user: e084268c-5487-4f35-9d74-9ce41de3992b' \
-d '{"query": "{ myProfile { id programName } }"}'

{
  "data": {
    "myProfile": {
      "id": "e084268c-5487-4f35-9d74-9ce41de3992b",
      "programName": "Anti-Inflammatory Diet"
    }
  }
}

If you need to use your partner/client header, use the following cURL

curl -XPOST 'https://production.suggestic.com/graphql' \
-H 'Authorization: Token <API-Token>' \
-H 'SG-User: <user-id>' \
-H 'Suggestic-Partner: <PARTNER-SLUG>' \
-H 'Content-Type: application/json' \

Python Example

import requests

# HTTP Headers including sg-user for especific user context
headers = {
    "Authorization": "Token 7b9f6fd852faba099be1984c97124b7f8d776f26",
    "sg-user": "e084268c-5487-4f35-9d74-9ce41de3992b"
}
# GraphQL query
query = """{ myProfile { id programName } }"""

# Make request
r = requests.post(
    "https://staging.suggestic.com/graphql",
    headers=headers,
    json={"query": query}
)

# print json response
print(r.json())

If you need to use your partner/client header, replace sg-user with the Suggestic-Partner information